# This is a BitKeeper generated patch for the following project:
# Project Name: Linux kernel tree
# This patch format is intended for GNU patch command version 2.5 or higher.
# This patch includes the following deltas:
#                  ChangeSet    1.564   -> 1.565  
#         drivers/usb/uhci.c    1.30    -> 1.31   
#
# The following is the BitKeeper ChangeSet Log
# --------------------------------------------
# 02/03/27      [EMAIL PROTECTED]    1.565
# [PATCH] USB uhci bugfix
# 
# The issue was that the poisoning would poison the data *before* it gave
# it to us as well, but I didn't clear out a pointer (qh->urbp) and later
# dereferenced it.
# 
# Thanks for the report again and for the pci_pool patch so I could
# troubleshoot it.
# 
# JE
# --------------------------------------------
#
diff -Nru a/drivers/usb/uhci.c b/drivers/usb/uhci.c
--- a/drivers/usb/uhci.c        Wed Apr  3 16:39:32 2002
+++ b/drivers/usb/uhci.c        Wed Apr  3 16:39:32 2002
@@ -337,6 +337,7 @@
        qh->link = UHCI_PTR_TERM;
 
        qh->dev = dev;
+       qh->urbp = NULL;
 
        INIT_LIST_HEAD(&qh->list);
        INIT_LIST_HEAD(&qh->remove_list);
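Review bot: The new `qh->urbp = NULL;` should carry a short comment saying why it is needed, because the commit message says the bug only showed up once pool poisoning was in use. Something like `/* pool memory is not guaranteed zeroed; urbp is tested later, so clear it here */` would do. The allocator sets fields one at a time, which is presumably how this one was missed. The hunk shows only link, dev, urbp and the two list heads being set, so it is worth checking the struct uhci_qh definition for any other member that is read before it is written. The enclosing function starts and ends outside the hunk.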
@@ -411,20 +412,19 @@
        spin_unlock_irqrestore(&uhci->frame_list_lock, flags);
 }
 
-static void uhci_remove_qh(struct uhci *uhci, struct urb *urb)
+static void uhci_remove_qh(struct uhci *uhci, struct uhci_qh *qh)
 {
-       struct urb_priv *urbp = (struct urb_priv *)urb->hcpriv;
        unsigned long flags;
-       struct uhci_qh *qh = urbp->qh, *pqh;
+       struct uhci_qh *pqh;
 
        if (!qh)
                return;
 
+       qh->urbp = NULL;
+
        /* Only go through the hoops if it's actually linked in */
        spin_lock_irqsave(&uhci->frame_list_lock, flags);
        if (!list_empty(&qh->list)) {
-               qh->urbp = NULL;
-
                pqh = list_entry(qh->list.prev, struct uhci_qh, list);
 
                if (pqh->urbp) {
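Review bot: `qh->urbp = NULL;` now runs before `spin_lock_irqsave(&uhci->frame_list_lock, flags)`, while the same function reads `pqh->urbp` under that lock a few lines later, so the field is written unlocked and read locked. The old code cleared it inside the locked region, so if frame_list_lock is what protects urbp, the store should move to the line just after the lock is taken. Placed ahead of the `list_empty()` test, it would still clear the pointer for QHs that are not linked in. If the unlocked write is intentional, a comment stating why it is safe would help the next reader. The function body continues past the end of the hunk.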
@@ -1043,7 +1043,7 @@
        urbp->short_control_packet = 1;
 
        /* Create a new QH to avoid pointer overwriting problems */
-       uhci_remove_qh(uhci, urb);
+       uhci_remove_qh(uhci, urbp->qh);
 
        /* Delete all of the TD's except for the status TD at the end */
        head = &urbp->td_list;
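Review bot: After `uhci_remove_qh(uhci, urbp->qh);` the URB still holds a pointer to the QH that was just handed off for removal, whereas the call site in the last hunk follows the same call with `urbp->qh = NULL;`. The comment says a new QH is created, so the field is presumably reassigned below the hunk. If that allocation can fail, though, the stale pointer would remain reachable through urbp. Adding `urbp->qh = NULL;` right after the call here would make the two call sites consistent and avoid a dangling reference on the error path. The enclosing function starts and ends outside the hunk.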
@@ -1746,7 +1746,8 @@
        uhci_delete_queued_urb(uhci, urb);
 
        /* The interrupt loop will reclaim the QH's */
-       uhci_remove_qh(uhci, urb);
+       uhci_remove_qh(uhci, urbp->qh);
+       urbp->qh = NULL;
 }
 
 static int uhci_unlink_urb(struct urb *urb)
